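<?php
/**
 * Creates or updates a spec for the logged-in user and stores its preview image.
 *
 * Input (POST): mainJob, layout, description, level (all required), specId
 * (optional; empty or -1 means "create"), encodedPNGData (handed to saveImage()).
 * Output: an XML document whose <status> element holds one <row> with
 * status 1 (message UPDATE or INSERT) or status 0 (NOLOGIN, FALSEDATA, TOOMANY).
 *
 * The full open tag is used so the script does not depend on short_open_tag;
 * with that setting off, a file starting with "<?" is served as plain text.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving to
 * prepared statements (PDO or mysqli) needs the connection code, which presumably
 * lives in functions.php and is not visible here.
 * NOTE(review): no anti-CSRF token is checked in this script; confirm whether
 * functions.php or the client enforces one for this state-changing request.
 */
session_start();
include 'functions.php';

// Default reply; it also stays in place when a required field is missing or a
// query fails, which is what the original script returned in those cases.
$stat = "<row status='0' message='NOLOGIN'></row>";

// Every required field must be present and a plain string. Array-valued
// parameters (name[]=...) would otherwise reach mysql_real_escape_string().
$hasAllFields = true;
foreach (array('mainJob', 'layout', 'description', 'level') as $field) {
	if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
		$hasAllFields = false;
	}
}

// specId is optional, but when supplied it must be a string as well.
$rawSpecId = '';
if (isset($_POST['specId'])) {
	if (is_string($_POST['specId'])) {
		$rawSpecId = $_POST['specId'];
	} else {
		$hasAllFields = false;
	}
}

// NOTE(review): passed to saveImage() unchanged. saveImage() is defined elsewhere;
// verify that it bounds the payload size and checks that the decoded data is a PNG.
$encodedPNGData = isset($_POST['encodedPNGData']) ? $_POST['encodedPNGData'] : null;

if ($hasAllFields && isset($_SESSION['password'], $_SESSION['email'], $_SESSION['userId'])) {
	// NOTE(review): the session carries the password that checkUser() verifies;
	// whether it is stored as a hash cannot be told from this file.
	$password = mysql_real_escape_string($_SESSION['password']);
	$email = mysql_real_escape_string($_SESSION['email']);
	$validate = checkUser($email, $password, 1);

	if ($validate == 1) {
		$mainJob = mysql_real_escape_string($_POST['mainJob']);
		$layout = mysql_real_escape_string($_POST['layout']);
		$description = mysql_real_escape_string($_POST['description']);
		$level = mysql_real_escape_string($_POST['level']);
		$specId = mysql_real_escape_string($rawSpecId);
		// The session value is escaped like every other value placed in SQL.
		$userId = mysql_real_escape_string((string) $_SESSION['userId']);

		$isUpdate = ($rawSpecId !== '' && $rawSpecId != -1);
		$mayWrite = false;
		$targetSpecId = null;

		if ($isUpdate) {
			// mysql_query() reports success for an UPDATE that matches no row, so
			// ownership is confirmed with a SELECT before anything is written and
			// before saveImage() is called for this spec.
			$res = mysql_query(
				"SELECT specId FROM ffxivc_specs"
				." WHERE specId = \"".$specId."\""
				." AND userId = \"".$userId."\""
			);
			if ($res) {
				if (mysql_num_rows($res) == 1) {
					// Use the id as stored in the database, not the raw request value.
					$targetSpecId = mysql_result($res, 0, "specId");
					$mayWrite = true;
				} else {
					$stat = "<row status='0' message='FALSEDATA'></row>";
				}
			}
		} else {
			// Per-user limit on stored specs, same threshold as before.
			$res = mysql_query(
				"SELECT specId FROM ffxivc_specs"
				." WHERE userId = \"".$userId."\""
			);
			if ($res) {
				if (mysql_num_rows($res) <= 7) {
					$mayWrite = true;
				} else {
					$stat = "<row status='0' message='TOOMANY'></row>";
				}
			}
		}

		if ($mayWrite) {
			// Resolve the job abbreviation to its id. An unknown abbreviation is
			// rejected instead of writing an empty jobId.
			$jobId = null;
			$res = mysql_query(
				"SELECT jobId FROM ffxivc_jobs"
				." WHERE tri = \"".$mainJob."\""
			);
			if ($res && mysql_num_rows($res) > 0) {
				$jobId = mysql_real_escape_string(mysql_result($res, 0, "jobId"));
			}

			if ($jobId === null) {
				// NOTE(review): reuses the existing FALSEDATA message for an unknown
				// job; confirm that the client handles it for this case.
				$stat = "<row status='0' message='FALSEDATA'></row>";
			} elseif ($isUpdate) {
				$abfrage = "UPDATE ffxivc_specs SET"
					." layout = \"".$layout."\""
					.", description = \"".$description."\""
					.", level = \"".$level."\""
					.", jobId = \"".$jobId."\""
					." WHERE specId = \"".mysql_real_escape_string($targetSpecId)."\""
					." AND userId = \"".$userId."\"";
				$res = mysql_query($abfrage);

				if ($res) {
					saveImage($encodedPNGData, 0.5, $targetSpecId);
					$stat = "<row status='1' message='UPDATE'></row>";
				}
			} else {
				$now = date('Y-m-d H:i:s');
				$abfrage = "INSERT INTO ffxivc_specs"
					." (layout, description, level, public, cdate, udate, userId, jobId)"
					." VALUES ("
					."\"".$layout."\""
					.", \"".$description."\""
					.", \"".$level."\""
					.", \"N\""
					.", \"".$now."\""
					.", \"".$now."\""
					.", \"".$userId."\""
					.", \"".$jobId."\""
					.")";
				$res = mysql_query($abfrage);

				if ($res) {
					// The cast keeps the XML attribute strictly numeric.
					$new_sId = (int) mysql_insert_id();
					saveImage($encodedPNGData, 0.5, $new_sId);
					$stat = "<row status='1' message='INSERT' id='".$new_sId."'></row>";
				}
			}
		}
	} else {
		$stat = "<row status='0' message='FALSEDATA'></row>";
	}
}

echo "<?xml version='1.0' encoding='utf-8'?><ffxivspecs><status>".$stat."</status></ffxivspecs>";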